Bug 87414 - Mac bots crashing under PluginInfo destructor
Summary: Mac bots crashing under PluginInfo destructor
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Andreas Kling
URL: http://build.webkit.org/results/Lion%...
Keywords: InRadar, LayoutTestFailure, MakingBotsRed
Depends on:
Blocks:

Reported: 2012-05-24 12:38 PDT by Jessie Berlin
Modified: 2012-05-25 03:03 PDT
CC: 3 users
See Also:
Attachments
Patch (3.36 KB, patch)
2012-05-24 13:05 PDT, Andreas Kling
darin: review+

Description Jessie Berlin 2012-05-24 12:38:36 PDT
Process:         WebKitTestRunner [66160]
Path:            /Volumes/VOLUME/*/WebKitTestRunner
Identifier:      WebKitTestRunner
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  Python [66159]

Date/Time:       2012-05-24 04:33:45.587 -0700
OS Version:      Mac OS X 10.7.3 (11D50)
Report Version:  9

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
objc[66160]: garbage collection is OFF
*** error for object 0x7fa19c899e30: incorrect checksum for freed object - object was probably modified after being freed.
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff86aedce2 __pthread_kill + 10
1   libsystem_c.dylib             	0x00007fff80cee7d2 pthread_kill + 95
2   libsystem_c.dylib             	0x00007fff80cdfa7a abort + 143
3   libsystem_c.dylib             	0x00007fff80d014ac szone_error + 459
4   libsystem_c.dylib             	0x00007fff80d014e8 free_list_checksum_botch + 29
5   libsystem_c.dylib             	0x00007fff80d0168b tiny_free_list_remove_ptr + 260
6   libsystem_c.dylib             	0x00007fff80d05240 szone_free_definite_size + 916
7   libsystem_c.dylib             	0x00007fff80d3e789 free + 194
8   com.apple.JavaScriptCore      	0x000000010b44397a WTF::fastFree(void*) + 106 (FastMalloc.cpp:332)
9   com.apple.WebKit2             	0x000000010a0e4b63 WTF::StringImpl::operator delete(void*) + 35 (StringImpl.h:66)
10  com.apple.WebKit2             	0x000000010a0e4b22 WTF::StringImpl::deref() + 66 (StringImpl.h:426)
11  com.apple.WebKit2             	0x000000010a0e4ad3 void WTF::derefIfNotNull<WTF::StringImpl>(WTF::StringImpl*) + 35 (PassRefPtr.h:53)
12  com.apple.WebKit2             	0x000000010a0e5b68 WTF::RefPtr<WTF::StringImpl>::~RefPtr() + 24 (RefPtr.h:56)
13  com.apple.WebKit2             	0x000000010a0e5b45 WTF::RefPtr<WTF::StringImpl>::~RefPtr() + 21 (RefPtr.h:56)
14  com.apple.WebKit2             	0x000000010a0e5b25 WTF::String::~String() + 21 (WTFString.h:135)
15  com.apple.WebKit2             	0x000000010a0e4625 WTF::String::~String() + 21 (WTFString.h:135)
16  com.apple.WebKit2             	0x000000010a10c7ac WebCore::MimeClassInfo::~MimeClassInfo() + 60 (PluginData.h:32)
17  com.apple.WebKit2             	0x000000010a107055 WebCore::MimeClassInfo::~MimeClassInfo() + 21 (PluginData.h:32)
18  com.apple.WebKit2             	0x000000010a10c74f WTF::VectorDestructor<true, WebCore::MimeClassInfo>::destruct(WebCore::MimeClassInfo*, WebCore::MimeClassInfo*) + 47 (Vector.h:57)
19  com.apple.WebKit2             	0x000000010a10c70d WTF::VectorTypeOperations<WebCore::MimeClassInfo>::destruct(WebCore::MimeClassInfo*, WebCore::MimeClassInfo*) + 29 (Vector.h:221)
20  com.apple.WebKit2             	0x000000010a10c62c WTF::Vector<WebCore::MimeClassInfo, 0ul>::shrink(unsigned long) + 156 (Vector.h:882)
21  com.apple.WebKit2             	0x000000010a10c52c WTF::Vector<WebCore::MimeClassInfo, 0ul>::~Vector() + 44 (Vector.h:510)
22  com.apple.WebKit2             	0x000000010a10c4f5 WTF::Vector<WebCore::MimeClassInfo, 0ul>::~Vector() + 21 (Vector.h:511)
23  com.apple.WebKit2             	0x000000010a10c41c WebCore::PluginInfo::~PluginInfo() + 28 (PluginData.h:53)
24  com.apple.WebKit2             	0x000000010a107075 WebCore::PluginInfo::~PluginInfo() + 21 (PluginData.h:53)
25  com.apple.WebKit2             	0x000000010a28331f WTF::VectorDestructor<true, WebCore::PluginInfo>::destruct(WebCore::PluginInfo*, WebCore::PluginInfo*) + 47 (Vector.h:57)
26  com.apple.WebKit2             	0x000000010a2832dd WTF::VectorTypeOperations<WebCore::PluginInfo>::destruct(WebCore::PluginInfo*, WebCore::PluginInfo*) + 29 (Vector.h:221)
27  com.apple.WebKit2             	0x000000010a28322c WTF::Vector<WebCore::PluginInfo, 0ul>::shrink(unsigned long) + 156 (Vector.h:882)
28  com.apple.WebKit2             	0x000000010a283174 WTF::Vector<WebCore::PluginInfo, 0ul>::~Vector() + 52 (Vector.h:511)
29  com.apple.WebKit2             	0x000000010a2799b5 WTF::Vector<WebCore::PluginInfo, 0ul>::~Vector() + 21 (Vector.h:511)
30  com.apple.WebKit2             	0x000000010a282572 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (WebKit::WebContext::*)(unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul> const&)>, void ()(WebKit::WebContext*, unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul>)>::~BoundFunctionImpl() + 66 (Functional.h:455)
31  com.apple.WebKit2             	0x000000010a2823d5 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (WebKit::WebContext::*)(unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul> const&)>, void ()(WebKit::WebContext*, unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul>)>::~BoundFunctionImpl() + 21 (Functional.h:455)
32  com.apple.WebKit2             	0x000000010a2823f9 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (WebKit::WebContext::*)(unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul> const&)>, void ()(WebKit::WebContext*, unsigned long long, WTF::Vector<WebCore::PluginInfo, 0ul>)>::~BoundFunctionImpl() + 25 (Functional.h:453)
33  com.apple.WebCore             	0x000000010d8b4263 WTF::ThreadSafeRefCounted<WTF::FunctionImplBase>::deref() + 83 (ThreadSafeRefCounted.h:138)
34  com.apple.WebCore             	0x000000010d8b41fc void WTF::derefIfNotNull<WTF::FunctionImplBase>(WTF::FunctionImplBase*) + 44 (PassRefPtr.h:53)
35  com.apple.WebCore             	0x000000010d8b41c8 WTF::RefPtr<WTF::FunctionImplBase>::~RefPtr() + 24 (RefPtr.h:56)
36  com.apple.WebCore             	0x000000010d8b41a5 WTF::RefPtr<WTF::FunctionImplBase>::~RefPtr() + 21 (RefPtr.h:56)
37  com.apple.WebCore             	0x000000010d8b4185 WTF::FunctionBase::~FunctionBase() + 21 (Functional.h:568)
38  com.apple.WebCore             	0x000000010d8b4165 WTF::Function<void ()()>::~Function() + 21 (Functional.h:595)
39  com.apple.WebCore             	0x000000010d8b4145 WTF::Function<void ()()>::~Function() + 21 (Functional.h:595)
40  com.apple.WebCore             	0x000000010d8b475f WTF::VectorDestructor<true, WTF::Function<void ()()> >::destruct(WTF::Function<void ()()>*, WTF::Function<void ()()>*) + 47 (Vector.h:57)
41  com.apple.WebCore             	0x000000010d8b471d WTF::VectorTypeOperations<WTF::Function<void ()()> >::destruct(WTF::Function<void ()()>*, WTF::Function<void ()()>*) + 29 (Vector.h:221)
42  com.apple.WebCore             	0x000000010d8b466c WTF::Vector<WTF::Function<void ()()>, 0ul>::shrink(unsigned long) + 156 (Vector.h:882)
43  com.apple.WebCore             	0x000000010d8b45b4 WTF::Vector<WTF::Function<void ()()>, 0ul>::~Vector() + 52 (Vector.h:511)
44  com.apple.WebCore             	0x000000010d8b3935 WTF::Vector<WTF::Function<void ()()>, 0ul>::~Vector() + 21 (Vector.h:511)
45  com.apple.WebCore             	0x000000010d8b36af WebCore::RunLoop::performWork() + 175 (RunLoop.cpp:68)
46  com.apple.WebCore             	0x000000010ddbcb68 WebCore::RunLoop::performWork(void*) + 72 (RunLoopCF.cpp:67)
47  com.apple.CoreFoundation      	0x00007fff8a54a6e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
48  com.apple.CoreFoundation      	0x00007fff8a549f4d __CFRunLoopDoSources0 + 253
49  com.apple.CoreFoundation      	0x00007fff8a570d39 __CFRunLoopRun + 905
50  com.apple.CoreFoundation      	0x00007fff8a570676 CFRunLoopRunSpecific + 230
51  com.apple.Foundation          	0x00007fff89c52f9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267
52  WebKitTestRunner              	0x000000010a0b963c WTR::TestController::platformRunUntil(bool&, double) + 204 (TestControllerMac.mm:60)
53  WebKitTestRunner              	0x000000010a0b4f15 WTR::TestController::runUntil(bool&, WTR::TestController::TimeoutDuration) + 149 (TestController.cpp:574)
54  WebKitTestRunner              	0x000000010a0ba4f4 WTR::TestInvocation::invoke() + 1892 (TestInvocation.cpp:181)
55  WebKitTestRunner              	0x000000010a0b55be WTR::TestController::runTest(char const*) + 1694 (TestController.cpp:524)
56  WebKitTestRunner              	0x000000010a0b56c2 WTR::TestController::runTestingServerLoop() + 178 (TestController.cpp:540)
57  WebKitTestRunner              	0x000000010a0b3ce0 WTR::TestController::run() + 48 (TestController.cpp:548)
58  WebKitTestRunner              	0x000000010a0b29f2 WTR::TestController::TestController(int, char const**) + 610 (TestController.cpp:91)
59  WebKitTestRunner              	0x000000010a0b2783 WTR::TestController::TestController(int, char const**) + 35 (TestController.cpp:92)
60  WebKitTestRunner              	0x000000010a0b029f main + 143 (main.mm:36)
61  WebKitTestRunner              	0x000000010a0b0204 start + 52
Comment 1 Jessie Berlin 2012-05-24 12:39:14 PDT
This is probably related to http://trac.webkit.org/changeset/117471
Comment 2 Radar WebKit Bug Importer 2012-05-24 12:39:30 PDT
<rdar://problem/11527166>
Comment 3 Radar WebKit Bug Importer 2012-05-24 12:39:59 PDT
<rdar://problem/11527172>
Comment 4 Andreas Kling 2012-05-24 13:05:47 PDT
Created attachment 143873
Patch
Comment 5 Darin Adler 2012-05-24 14:41:02 PDT
Comment on attachment 143873
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=143873&action=review

> Source/WebKit2/UIProcess/WebContext.cpp:642
> +    RunLoop::main()->dispatch(bind(&WebContext::sendDidGetPlugins, this, requestID, pluginInfos.release()));
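Review bot: the comment Darin asks for on this line should state the ownership rule, and the crash report above supplies the reason to put in it. Frames 30 to 32 show ~BoundFunctionImpl destroying a Vector<PluginInfo> that bind() stored by value (the bound member signature in the trace takes a const Vector& while the stored argument is a Vector), and frames 8 to 13 show a WTF::String inside it reaching free() on a StringImpl that was already freed. Because the call goes through RunLoop::main()->dispatch(), it is being made off the main thread, and WTF::String's reference count is not atomic, so a copy of the vector shared across the two threads lets one of them free a StringImpl out from under the other. Passing pluginInfos.release() hands over a single owner instead of a copy, which is the reason a raw pointer is preferable to a const Vector& here; the comment should say that and make explicit that the receiving sendDidGetPlugins is expected to take ownership and delete the vector on the main thread, since a reader of this line alone cannot tell who frees it.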

It seems like right here might be a great place to give a comment about why we need to do this with a pointer.
Comment 6 Andreas Kling 2012-05-25 03:03:03 PDT
Committed r118505: <http://trac.webkit.org/changeset/118505>